agenttesla | 899ec0018ffd52f88afef99e39e7d8bd590d53c97db9e00fbcd8f3ee435bf1b4 | Triage

Sharing

General

Target

899ec0018ffd52f88afef99e39e7d8bd590d53c97db9e00fbcd8f3ee435bf1b4
Size

728KB
Sample

240428-bdqxwacg6y
MD5

6f2797cbb2b0f7d92dc5ebfbbd987f85
SHA1

af56e2f634f414c2234d8f4e0dee2658047111eb
SHA256

899ec0018ffd52f88afef99e39e7d8bd590d53c97db9e00fbcd8f3ee435bf1b4
SHA512

d8f46e01a272be67e13f0503fc025f96ada71a3db9d02b79195c8b8d06241382836ec6b8ab3205cb4a6e90ada6fe6c8c9c4f657851b814ec39416a29daf48be3
SSDEEP

12288:sxE6B27ww4XyjbVvPN6Df3HI0BNjygnlhoEMOPEXkg:sxFBU4XsVO40BNDnlhoEMOP

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.quoctoan.vn
Port:
587
Username:
long_xnk@quoctoan.vn
Password:
bGMJNaGYNTLC
Email To:
dclarkson007@protonmail.com

Targets

- Target
  
  899ec0018ffd52f88afef99e39e7d8bd590d53c97db9e00fbcd8f3ee435bf1b4
- Size
  
  728KB
- MD5
  
  6f2797cbb2b0f7d92dc5ebfbbd987f85
- SHA1
  
  af56e2f634f414c2234d8f4e0dee2658047111eb
- SHA256
  
  899ec0018ffd52f88afef99e39e7d8bd590d53c97db9e00fbcd8f3ee435bf1b4
- SHA512
  
  d8f46e01a272be67e13f0503fc025f96ada71a3db9d02b79195c8b8d06241382836ec6b8ab3205cb4a6e90ada6fe6c8c9c4f657851b814ec39416a29daf48be3
- SSDEEP
  
  12288:sxE6B27ww4XyjbVvPN6Df3HI0BNjygnlhoEMOPEXkg:sxFBU4XsVO40BNDnlhoEMOP
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan